Opened 3 years ago
Closed 3 years ago
#15654 closed enhancement (fixed)
grilo-0.3.14
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | gnome-41 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version,
Change History (7)
comment:1 by , 3 years ago
| Priority: | normal → elevated |
|---|
comment:3 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 3 years ago
NEW in 0.3.14 ============= * !78 CVE-2016-20011: Fix TLS cert validation not being done for any network call * !80 Fix double-free when using GrlNet in Python * !71 Load config from GRL_CONFIG_PATH if set * !77 Clarify LGPLv2.1 or later license * !70 Handle numeric limits for GrlOperationOptions
comment:5 by , 3 years ago
The actual CVE number for grilo is CVE-2021-39365 (CVE-2016-20011 is for libgrss).
comment:7 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Marking as elevated due to CVE-2016-20011: "Fix TLS cert validation not being done for any network call" - as the description states, no validation of certificates were performed, even when TLS was requested.